Tips on passing AWS Certification exams

Always go with the path of least resistance

More managed = more likely to be the right solution

The biggest benefit of using AWS is the managed services.

Sure, you can use an EC2 server and deploy your app as you would on Digital Ocean or Linode. And you'll have a lot of freedom to switch providers at any time by doing that (avoiding "vendor lock-in"), which is a huge plus that you'll hear about all the time on Hacker News.

But, the real power comes with services that do the heavy lifting for you, like AWS Lambda, AWS AppSync, etc. Yes, it's more vendor lock-in since other clouds have different APIs and you'd have to do a refactor if you ever switched providers. But as far as the exam is concerned, always go with the most managed solution.

Example from the Associate - Developer exam:

A company uses an AWS Lambda function to call a third-party REST endpoint. Personally identifiable information (PII) is exposed upon a successful request. The third party that manages the REST endpoint requires the company to change the API key that the company uses to invoke the endpoint every 4 months.

The company retrieves the API key by calling an endpoint that the third party owns. The endpoint uses basic authentication (username and password). The new API key is available and active one month prior to the inactivation of the old API key. When the company retrieves the new API key, the company needs to store the key for use in future invocations of the REST endpoint. The company needs a secure solution that eliminates downtime while the company sets up the new API key.

Which solution will meet these requirements?

A) Store the API key in Parameter Store, a capability of AWS Systems Manager, as a SecureString. Configure rotation to obtain the new API key from the third party and to update the parameter value.

Incorrect, not using a built-in service feature to accomplish the task.

B) Store the API key in AWS Secrets Manager. Create a Lambda function to obtain the new API key from the third party. Configure rotation in Secrets Manager to use the Lambda function to obtain a new API key. Store the new API key in Secrets Manager. Configure rotation to occur every 4 months.

Correct, uses the built-in Secrets Manager rotation feature.

C) Store the API key in an Amazon DynamoDB table. Create a Lambda function to retrieve the new API key from the third party and to update the value in DynamoDB. Use an Amazon EventBridge (Amazon CloudWatch Events) schedule rule to invoke the Lambda function every 4 months.

Incorrect, way too much work for something Secrets Manager will do for you.

D) Store the API key as a Lambda environment variable. Retrieve the new API key from the third party by using open source software. Manually update the Lambda environment variable.

Incorrect, not using a built-in service feature to accomplish the task and way too much work.

The right answer is the best answer

They don't try to trick you with things that aren't true, so don't waste time looking for answers that aren't possible. The goal of these tests are to ensure that you know the most ideal way to handle a problem using the AWS cloud.

As you can see in the secret rotation example, these are all valid options that will get the job done. The Secrets Manager rotation option was the best since it was the least amount of effort and relies on AWS to handle the rotation for you so there's less surface area for you to make mistakes or have more code the manage, keep up to date, etc.

Save the hard questions for the end

A general tip is that if you have to re-read a question several times to understand it, or it's really long and will take a long time to parse - skip it!

The tests are timed, and you only have so much brain power before you start getting tired. If you get bogged down early on, you might start losing momentum and confidence that will make the easy ones seem more challenging.

The tests let you skip and flag questions and return to them at the end. This way you can breeze through the easy ones and then spend more time on the hard ones at the end. If you miss the hard ones, at least you feel confident that you got as many easy ones as you could.

Commit and don't overthink it

Some questions seem too easy or too hard. If they do, flag them and move on. When going back to them, use the same approaches we discussed earlier to evaluate and then commit to an answer.

It's more likely that your gut reaction is right if you took your time and followed the guidelines we just discussed. Going back and changing your answer is rarely the best approach.

Resources

• A Cloud Guru (paid)
• AWS Certification practice xxams and resources (free)
• Product FAQ pages for all services covered in the exam (free)

Happy coding! SL